Advertisement
  1. Florida Politics

Security threats on voting system loom as Florida's elections officials gather in Polk County

Ben Martin is chief operating officer of VR Systems, the Florida firm targeted by a Russian "phishing" attack in 2016. [Steve Bousquet | Tampa Bay Times]
Ben Martin is chief operating officer of VR Systems, the Florida firm targeted by a Russian "phishing" attack in 2016. [Steve Bousquet | Tampa Bay Times]
Published Jun. 21, 2017

DAVENPORT — Voting experts in Florida, the national epicenter of electoral suspense, have one concern above all others as they prepare for the 2018 election.

Click. Cybersecurity.

Efforts by Russian hackers to attack computers in Florida last fall failed, but shed light on potential vulnerabilities of an election system managed locally and in mostly small counties with limited technological resources.

"It's the main topic of conversation," Pinellas County Supervisor of Elections Deborah Clark said at a conference of election supervisors. "I just don't think you can have too many people looking at this stuff."

As Clark and dozens of her colleagues mingled at the Omni Champions Gate near Walt Disney World on Tuesday, they said they are more security-conscious than ever. On Thursday, officials will attend a seminar titled "Election Integrity in the Current Political and Media Environment."

Nearly two decades ago, Florida was thrust into unprecedented scrutiny of its voting system after a deadlocked 2000 presidential election. The stuff of books, movies and monologues, it largely came down to punch-card ballots and hanging chads that left voters' intentions hanging, too.

The new threat is seen as far more sinister because it's blamed on a hostile foreign power, and it's much harder to see.

The first of two Russian hack attempts in Florida last August targeted VR Systems, a 25-year-old vendor of voting equipment software based in Tallahassee that serves 64 of the state's 67 counties and does business in several other states.

A leaked report by the federal National Security Agency, which cited the Kremlin's involvement, said the would-be hackers likely penetrated VR's email system to reach counties using a tactic known as phishing.

On Tuesday, VR Systems' chief operating officer, Ben Martin, told the Times/Herald at the Orlando-area conference that this hack failed.

"We were not compromised during that phishing campaign," Martin said.

According to the NSA report, the hackers then created spoof email accounts designed to resemble VR Systems' own accounts and fired off malicious "spear-phishing" messages to 122 elections officials, including some in Florida.

Florida's electronic system of counting votes is not connected to the Internet, and it's separate from voter registration data. VR Systems has no role in counting ballots in Florida. The FBI and U.S. Department of Homeland Security opened an investigation, but Martin said he learned of the inquiry from county clients, not the federal agencies.

Martin said VR Systems did not survey counties on how they reacted to the suspicious emails. He said that's the responsibility of the counties and their own IT staffers.

"We didn't necessarily want to know unless they wanted to share that with us," Martin said, expressing their concern about media leaks.

Even as he vowed his company's system had not been successfully breached, Martin did warn that there's no such thing as "totally secure" in today's world.

"If anybody tells you they're secure, don't believe them," Martin said. "There are just different gradients of security."

One lingering unknown is how the Russian hackers got email addresses of 122 elections officials across the country.

VR Systems says all were online, but at least one election supervisor is skeptical.

"There are a couple of missing links here," said Hillsborough Supervisor of Elections Craig Latimer, the Associated Press reported. He declined to elaborate.

There's no evidence that's been publicly disclosed showing any county was breached. But Tuesday, Florida supervisors stressed the importance of easing lingering anxiety before the next statewide election cycle in 2018.

"Our success depends on having the trust of voters," said Mark Earley, supervisor of elections for Tallahassee's Leon County. "If that trust is lost, it's almost impossible to regain."

To give historical perspective to today's cyber threats, Theresa LePore, who ran Palm Beach County's elections during the presidential recount in 2000, spoke of her own traumatizing experience.

Many of today's election supervisors were not in office during the historic 36-day siege of manual recounts, hanging chads and the notorious "butterfly ballot," produced by LePore's office. Some Democrats said the design, resembling a butterfly, was so confusing that they mistakenly voted for Pat Buchanan, not Al Gore, in an election that a 5-4 U.S. Supreme Court decided in favor of George W. Bush.

LePore, who is working on a book about her 2000 experience, noted that the butterfly ballot was approved by both parties and candidates and needed to make room for eight minor-party presidential candidates. But that's largely forgotten.

"Document, document, document," LePore told the crowd of elections officials as archival video showed angry demonstrators in South Florida and bleary-eyed canvassing board members holding paper ballots up to the light.

"Have an emergency plan in place. You may think it may never happen to you," she warned them. "When you do have something happen, try to be as transparent as possible."

Contact Steve Bousquet at sbousquet@tampabay.com. Follow @stevebousquet.